@azure/msal-common 15.2.1 → 15.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (170) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +3 -3
  7. package/dist/authority/Authority.mjs.map +1 -1
  8. package/dist/authority/AuthorityFactory.mjs +1 -1
  9. package/dist/authority/AuthorityMetadata.mjs +1 -1
  10. package/dist/authority/AuthorityOptions.mjs +1 -1
  11. package/dist/authority/AuthorityType.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  13. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  14. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  15. package/dist/authority/ProtocolMode.d.ts +11 -0
  16. package/dist/authority/ProtocolMode.d.ts.map +1 -1
  17. package/dist/authority/ProtocolMode.mjs +12 -1
  18. package/dist/authority/ProtocolMode.mjs.map +1 -1
  19. package/dist/authority/RegionDiscovery.mjs +1 -1
  20. package/dist/cache/CacheManager.mjs +1 -1
  21. package/dist/cache/entities/AccountEntity.mjs +4 -4
  22. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  23. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  24. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  25. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  26. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  27. package/dist/client/AuthorizationCodeClient.mjs +41 -246
  28. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  29. package/dist/client/BaseClient.d.ts.map +1 -1
  30. package/dist/client/BaseClient.mjs +9 -10
  31. package/dist/client/BaseClient.mjs.map +1 -1
  32. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  33. package/dist/client/RefreshTokenClient.mjs +27 -29
  34. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  35. package/dist/client/SilentFlowClient.mjs +1 -1
  36. package/dist/config/ClientConfiguration.mjs +1 -1
  37. package/dist/constants/AADServerParamKeys.d.ts +3 -0
  38. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  39. package/dist/constants/AADServerParamKeys.mjs +6 -3
  40. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  41. package/dist/crypto/ICrypto.mjs +1 -1
  42. package/dist/crypto/JoseHeader.mjs +1 -1
  43. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  44. package/dist/error/AuthError.mjs +1 -1
  45. package/dist/error/AuthErrorCodes.mjs +1 -1
  46. package/dist/error/CacheError.mjs +1 -1
  47. package/dist/error/CacheErrorCodes.mjs +1 -1
  48. package/dist/error/ClientAuthError.mjs +1 -1
  49. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  50. package/dist/error/ClientConfigurationError.mjs +1 -1
  51. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  52. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  53. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  54. package/dist/error/JoseHeaderError.mjs +1 -1
  55. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  56. package/dist/error/NetworkError.mjs +1 -1
  57. package/dist/error/ServerError.mjs +1 -1
  58. package/dist/exports-common.d.ts +4 -3
  59. package/dist/exports-common.d.ts.map +1 -1
  60. package/dist/index-browser.mjs +6 -3
  61. package/dist/index-browser.mjs.map +1 -1
  62. package/dist/index-node.mjs +6 -3
  63. package/dist/index-node.mjs.map +1 -1
  64. package/dist/index.mjs +6 -3
  65. package/dist/index.mjs.map +1 -1
  66. package/dist/logger/Logger.mjs +1 -1
  67. package/dist/network/INetworkModule.mjs +1 -1
  68. package/dist/network/RequestThumbprint.mjs +1 -1
  69. package/dist/network/ThrottlingUtils.mjs +1 -1
  70. package/dist/packageMetadata.d.ts +1 -1
  71. package/dist/packageMetadata.mjs +2 -2
  72. package/dist/protocol/Authorize.d.ts +37 -0
  73. package/dist/protocol/Authorize.d.ts.map +1 -0
  74. package/dist/protocol/Authorize.mjs +237 -0
  75. package/dist/protocol/Authorize.mjs.map +1 -0
  76. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  77. package/dist/request/CommonAuthorizationUrlRequest.d.ts +3 -2
  78. package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  79. package/dist/request/RequestParameterBuilder.d.ts +211 -219
  80. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  81. package/dist/request/RequestParameterBuilder.mjs +364 -370
  82. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  83. package/dist/request/RequestValidator.mjs +1 -1
  84. package/dist/request/ScopeSet.mjs +1 -1
  85. package/dist/response/AuthorizeResponse.d.ts +76 -0
  86. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  87. package/dist/response/ResponseHandler.d.ts +0 -8
  88. package/dist/response/ResponseHandler.d.ts.map +1 -1
  89. package/dist/response/ResponseHandler.mjs +2 -49
  90. package/dist/response/ResponseHandler.mjs.map +1 -1
  91. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  92. package/dist/telemetry/performance/PerformanceEvent.d.ts +6 -2
  93. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  94. package/dist/telemetry/performance/PerformanceEvent.mjs +15 -11
  95. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  96. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  97. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  98. package/dist/url/UrlString.mjs +1 -1
  99. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  100. package/dist/utils/Constants.d.ts +11 -5
  101. package/dist/utils/Constants.d.ts.map +1 -1
  102. package/dist/utils/Constants.mjs +13 -8
  103. package/dist/utils/Constants.mjs.map +1 -1
  104. package/dist/utils/FunctionWrappers.mjs +1 -1
  105. package/dist/utils/ProtocolUtils.mjs +1 -1
  106. package/dist/utils/StringUtils.mjs +1 -1
  107. package/dist/utils/TimeUtils.mjs +1 -1
  108. package/dist/utils/UrlUtils.d.ts +6 -2
  109. package/dist/utils/UrlUtils.d.ts.map +1 -1
  110. package/dist/utils/UrlUtils.mjs +13 -2
  111. package/dist/utils/UrlUtils.mjs.map +1 -1
  112. package/lib/index-browser.cjs +4 -2
  113. package/lib/index-browser.cjs.map +1 -1
  114. package/lib/{index-node--LMD5Re1.js → index-node-C56U0Gkp.js} +833 -777
  115. package/lib/index-node-C56U0Gkp.js.map +1 -0
  116. package/lib/index-node.cjs +4 -2
  117. package/lib/index-node.cjs.map +1 -1
  118. package/lib/index.cjs +4 -2
  119. package/lib/index.cjs.map +1 -1
  120. package/lib/types/authority/ProtocolMode.d.ts +11 -0
  121. package/lib/types/authority/ProtocolMode.d.ts.map +1 -1
  122. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  123. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  124. package/lib/types/client/BaseClient.d.ts.map +1 -1
  125. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  126. package/lib/types/constants/AADServerParamKeys.d.ts +3 -0
  127. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  128. package/lib/types/exports-common.d.ts +4 -3
  129. package/lib/types/exports-common.d.ts.map +1 -1
  130. package/lib/types/packageMetadata.d.ts +1 -1
  131. package/lib/types/protocol/Authorize.d.ts +37 -0
  132. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  133. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +3 -2
  134. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  135. package/lib/types/request/RequestParameterBuilder.d.ts +211 -219
  136. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  137. package/lib/types/response/AuthorizeResponse.d.ts +76 -0
  138. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  139. package/lib/types/response/ResponseHandler.d.ts +0 -8
  140. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  141. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +6 -2
  142. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  143. package/lib/types/utils/Constants.d.ts +11 -5
  144. package/lib/types/utils/Constants.d.ts.map +1 -1
  145. package/lib/types/utils/UrlUtils.d.ts +6 -2
  146. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  147. package/package.json +1 -1
  148. package/src/authority/Authority.ts +2 -2
  149. package/src/authority/ProtocolMode.ts +11 -0
  150. package/src/cache/entities/AccountEntity.ts +3 -3
  151. package/src/client/AuthorizationCodeClient.ts +84 -395
  152. package/src/client/BaseClient.ts +20 -12
  153. package/src/client/RefreshTokenClient.ts +60 -30
  154. package/src/constants/AADServerParamKeys.ts +3 -0
  155. package/src/exports-common.ts +5 -2
  156. package/src/packageMetadata.ts +1 -1
  157. package/src/protocol/Authorize.ts +409 -0
  158. package/src/request/CommonAuthorizationUrlRequest.ts +3 -2
  159. package/src/request/RequestParameterBuilder.ts +516 -545
  160. package/src/response/AuthorizeResponse.ts +80 -0
  161. package/src/response/ResponseHandler.ts +0 -98
  162. package/src/telemetry/performance/PerformanceEvent.ts +14 -11
  163. package/src/utils/Constants.ts +14 -6
  164. package/src/utils/UrlUtils.ts +19 -4
  165. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  166. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  167. package/lib/index-node--LMD5Re1.js.map +0 -1
  168. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  169. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  170. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -4,7 +4,6 @@
4
4
  */
5
5
 
6
6
  import {
7
- Constants,
8
7
  ResponseMode,
9
8
  CLIENT_INFO,
10
9
  AuthenticationScheme,
@@ -13,6 +12,7 @@ import {
13
12
  OIDC_DEFAULT_SCOPES,
14
13
  ThrottlingConstants,
15
14
  HeaderNames,
15
+ OAuthResponseType,
16
16
  } from "../utils/Constants.js";
17
17
  import * as AADServerParamKeys from "../constants/AADServerParamKeys.js";
18
18
  import { ScopeSet } from "./ScopeSet.js";
@@ -21,7 +21,6 @@ import {
21
21
  ClientConfigurationErrorCodes,
22
22
  } from "../error/ClientConfigurationError.js";
23
23
  import { StringDict } from "../utils/MsalTypes.js";
24
- import { RequestValidator } from "./RequestValidator.js";
25
24
  import {
26
25
  ApplicationTelemetry,
27
26
  LibraryInfo,
@@ -30,11 +29,11 @@ import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManag
30
29
  import { ClientInfo } from "../account/ClientInfo.js";
31
30
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
32
31
 
33
- function instrumentBrokerParams(
32
+ export function instrumentBrokerParams(
34
33
  parameters: Map<string, string>,
35
34
  correlationId?: string,
36
35
  performanceClient?: IPerformanceClient
37
- ) {
36
+ ): void {
38
37
  if (!correlationId) {
39
38
  return;
40
39
  }
@@ -53,611 +52,583 @@ function instrumentBrokerParams(
53
52
  }
54
53
  }
55
54
 
56
- /** @internal */
57
- export class RequestParameterBuilder {
58
- private parameters: Map<string, string>;
59
- private readonly performanceClient?: IPerformanceClient;
60
- private readonly correlationId?: string;
61
-
62
- constructor(
63
- correlationId?: string,
64
- performanceClient?: IPerformanceClient
65
- ) {
66
- this.parameters = new Map<string, string>();
67
- this.performanceClient = performanceClient;
68
- this.correlationId = correlationId;
69
- }
55
+ /**
56
+ * Add the given response_type
57
+ * @param parameters
58
+ * @param responseType
59
+ */
60
+ export function addResponseType(
61
+ parameters: Map<string, string>,
62
+ responseType: OAuthResponseType
63
+ ): void {
64
+ parameters.set(AADServerParamKeys.RESPONSE_TYPE, responseType);
65
+ }
70
66
 
71
- /**
72
- * add response_type = code
73
- */
74
- addResponseTypeCode(): void {
75
- this.parameters.set(
76
- AADServerParamKeys.RESPONSE_TYPE,
77
- encodeURIComponent(Constants.CODE_RESPONSE_TYPE)
78
- );
79
- }
67
+ /**
68
+ * add response_mode. defaults to query.
69
+ * @param responseMode
70
+ */
71
+ export function addResponseMode(
72
+ parameters: Map<string, string>,
73
+ responseMode?: ResponseMode
74
+ ): void {
75
+ parameters.set(
76
+ AADServerParamKeys.RESPONSE_MODE,
77
+ responseMode ? responseMode : ResponseMode.QUERY
78
+ );
79
+ }
80
80
 
81
- /**
82
- * add response_type = token id_token
83
- */
84
- addResponseTypeForTokenAndIdToken(): void {
85
- this.parameters.set(
86
- AADServerParamKeys.RESPONSE_TYPE,
87
- encodeURIComponent(
88
- `${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`
89
- )
90
- );
91
- }
81
+ /**
82
+ * Add flag to indicate STS should attempt to use WAM if available
83
+ */
84
+ export function addNativeBroker(parameters: Map<string, string>): void {
85
+ parameters.set(AADServerParamKeys.NATIVE_BROKER, "1");
86
+ }
92
87
 
93
- /**
94
- * add response_mode. defaults to query.
95
- * @param responseMode
96
- */
97
- addResponseMode(responseMode?: ResponseMode): void {
98
- this.parameters.set(
99
- AADServerParamKeys.RESPONSE_MODE,
100
- encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY)
101
- );
88
+ /**
89
+ * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
90
+ * @param scopeSet
91
+ * @param addOidcScopes
92
+ */
93
+ export function addScopes(
94
+ parameters: Map<string, string>,
95
+ scopes: string[],
96
+ addOidcScopes: boolean = true,
97
+ defaultScopes: Array<string> = OIDC_DEFAULT_SCOPES
98
+ ): void {
99
+ // Always add openid to the scopes when adding OIDC scopes
100
+ if (
101
+ addOidcScopes &&
102
+ !defaultScopes.includes("openid") &&
103
+ !scopes.includes("openid")
104
+ ) {
105
+ defaultScopes.push("openid");
102
106
  }
107
+ const requestScopes = addOidcScopes
108
+ ? [...(scopes || []), ...defaultScopes]
109
+ : scopes || [];
110
+ const scopeSet = new ScopeSet(requestScopes);
111
+ parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
112
+ }
103
113
 
104
- /**
105
- * Add flag to indicate STS should attempt to use WAM if available
106
- */
107
- addNativeBroker(): void {
108
- this.parameters.set(
109
- AADServerParamKeys.NATIVE_BROKER,
110
- encodeURIComponent("1")
111
- );
112
- }
114
+ /**
115
+ * add clientId
116
+ * @param clientId
117
+ */
118
+ export function addClientId(
119
+ parameters: Map<string, string>,
120
+ clientId: string
121
+ ): void {
122
+ parameters.set(AADServerParamKeys.CLIENT_ID, clientId);
123
+ }
113
124
 
114
- /**
115
- * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
116
- * @param scopeSet
117
- * @param addOidcScopes
118
- */
119
- addScopes(
120
- scopes: string[],
121
- addOidcScopes: boolean = true,
122
- defaultScopes: Array<string> = OIDC_DEFAULT_SCOPES
123
- ): void {
124
- // Always add openid to the scopes when adding OIDC scopes
125
- if (
126
- addOidcScopes &&
127
- !defaultScopes.includes("openid") &&
128
- !scopes.includes("openid")
129
- ) {
130
- defaultScopes.push("openid");
131
- }
132
- const requestScopes = addOidcScopes
133
- ? [...(scopes || []), ...defaultScopes]
134
- : scopes || [];
135
- const scopeSet = new ScopeSet(requestScopes);
136
- this.parameters.set(
137
- AADServerParamKeys.SCOPE,
138
- encodeURIComponent(scopeSet.printScopes())
139
- );
140
- }
125
+ /**
126
+ * add redirect_uri
127
+ * @param redirectUri
128
+ */
129
+ export function addRedirectUri(
130
+ parameters: Map<string, string>,
131
+ redirectUri: string
132
+ ): void {
133
+ parameters.set(AADServerParamKeys.REDIRECT_URI, redirectUri);
134
+ }
141
135
 
142
- /**
143
- * add clientId
144
- * @param clientId
145
- */
146
- addClientId(clientId: string): void {
147
- this.parameters.set(
148
- AADServerParamKeys.CLIENT_ID,
149
- encodeURIComponent(clientId)
150
- );
151
- }
136
+ /**
137
+ * add post logout redirectUri
138
+ * @param redirectUri
139
+ */
140
+ export function addPostLogoutRedirectUri(
141
+ parameters: Map<string, string>,
142
+ redirectUri: string
143
+ ): void {
144
+ parameters.set(AADServerParamKeys.POST_LOGOUT_URI, redirectUri);
145
+ }
152
146
 
153
- /**
154
- * add redirect_uri
155
- * @param redirectUri
156
- */
157
- addRedirectUri(redirectUri: string): void {
158
- RequestValidator.validateRedirectUri(redirectUri);
159
- this.parameters.set(
160
- AADServerParamKeys.REDIRECT_URI,
161
- encodeURIComponent(redirectUri)
162
- );
163
- }
147
+ /**
148
+ * add id_token_hint to logout request
149
+ * @param idTokenHint
150
+ */
151
+ export function addIdTokenHint(
152
+ parameters: Map<string, string>,
153
+ idTokenHint: string
154
+ ): void {
155
+ parameters.set(AADServerParamKeys.ID_TOKEN_HINT, idTokenHint);
156
+ }
164
157
 
165
- /**
166
- * add post logout redirectUri
167
- * @param redirectUri
168
- */
169
- addPostLogoutRedirectUri(redirectUri: string): void {
170
- RequestValidator.validateRedirectUri(redirectUri);
171
- this.parameters.set(
172
- AADServerParamKeys.POST_LOGOUT_URI,
173
- encodeURIComponent(redirectUri)
174
- );
175
- }
158
+ /**
159
+ * add domain_hint
160
+ * @param domainHint
161
+ */
162
+ export function addDomainHint(
163
+ parameters: Map<string, string>,
164
+ domainHint: string
165
+ ): void {
166
+ parameters.set(AADServerParamKeys.DOMAIN_HINT, domainHint);
167
+ }
176
168
 
177
- /**
178
- * add id_token_hint to logout request
179
- * @param idTokenHint
180
- */
181
- addIdTokenHint(idTokenHint: string): void {
182
- this.parameters.set(
183
- AADServerParamKeys.ID_TOKEN_HINT,
184
- encodeURIComponent(idTokenHint)
185
- );
186
- }
169
+ /**
170
+ * add login_hint
171
+ * @param loginHint
172
+ */
173
+ export function addLoginHint(
174
+ parameters: Map<string, string>,
175
+ loginHint: string
176
+ ): void {
177
+ parameters.set(AADServerParamKeys.LOGIN_HINT, loginHint);
178
+ }
187
179
 
188
- /**
189
- * add domain_hint
190
- * @param domainHint
191
- */
192
- addDomainHint(domainHint: string): void {
193
- this.parameters.set(
194
- AADServerParamKeys.DOMAIN_HINT,
195
- encodeURIComponent(domainHint)
196
- );
197
- }
180
+ /**
181
+ * Adds the CCS (Cache Credential Service) query parameter for login_hint
182
+ * @param loginHint
183
+ */
184
+ export function addCcsUpn(
185
+ parameters: Map<string, string>,
186
+ loginHint: string
187
+ ): void {
188
+ parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
189
+ }
198
190
 
199
- /**
200
- * add login_hint
201
- * @param loginHint
202
- */
203
- addLoginHint(loginHint: string): void {
204
- this.parameters.set(
205
- AADServerParamKeys.LOGIN_HINT,
206
- encodeURIComponent(loginHint)
207
- );
208
- }
191
+ /**
192
+ * Adds the CCS (Cache Credential Service) query parameter for account object
193
+ * @param loginHint
194
+ */
195
+ export function addCcsOid(
196
+ parameters: Map<string, string>,
197
+ clientInfo: ClientInfo
198
+ ): void {
199
+ parameters.set(
200
+ HeaderNames.CCS_HEADER,
201
+ `Oid:${clientInfo.uid}@${clientInfo.utid}`
202
+ );
203
+ }
209
204
 
210
- /**
211
- * Adds the CCS (Cache Credential Service) query parameter for login_hint
212
- * @param loginHint
213
- */
214
- addCcsUpn(loginHint: string): void {
215
- this.parameters.set(
216
- HeaderNames.CCS_HEADER,
217
- encodeURIComponent(`UPN:${loginHint}`)
218
- );
219
- }
205
+ /**
206
+ * add sid
207
+ * @param sid
208
+ */
209
+ export function addSid(parameters: Map<string, string>, sid: string): void {
210
+ parameters.set(AADServerParamKeys.SID, sid);
211
+ }
220
212
 
221
- /**
222
- * Adds the CCS (Cache Credential Service) query parameter for account object
223
- * @param loginHint
224
- */
225
- addCcsOid(clientInfo: ClientInfo): void {
226
- this.parameters.set(
227
- HeaderNames.CCS_HEADER,
228
- encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`)
229
- );
230
- }
213
+ /**
214
+ * add claims
215
+ * @param claims
216
+ */
217
+ export function addClaims(
218
+ parameters: Map<string, string>,
219
+ claims?: string,
220
+ clientCapabilities?: Array<string>
221
+ ): void {
222
+ const mergedClaims = addClientCapabilitiesToClaims(
223
+ claims,
224
+ clientCapabilities
225
+ );
226
+ try {
227
+ JSON.parse(mergedClaims);
228
+ } catch (e) {
229
+ throw createClientConfigurationError(
230
+ ClientConfigurationErrorCodes.invalidClaims
231
+ );
232
+ }
233
+ parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
234
+ }
231
235
 
232
- /**
233
- * add sid
234
- * @param sid
235
- */
236
- addSid(sid: string): void {
237
- this.parameters.set(AADServerParamKeys.SID, encodeURIComponent(sid));
238
- }
236
+ /**
237
+ * add correlationId
238
+ * @param correlationId
239
+ */
240
+ export function addCorrelationId(
241
+ parameters: Map<string, string>,
242
+ correlationId: string
243
+ ): void {
244
+ parameters.set(AADServerParamKeys.CLIENT_REQUEST_ID, correlationId);
245
+ }
239
246
 
240
- /**
241
- * add claims
242
- * @param claims
243
- */
244
- addClaims(claims?: string, clientCapabilities?: Array<string>): void {
245
- const mergedClaims = this.addClientCapabilitiesToClaims(
246
- claims,
247
- clientCapabilities
248
- );
249
- RequestValidator.validateClaims(mergedClaims);
250
- this.parameters.set(
251
- AADServerParamKeys.CLAIMS,
252
- encodeURIComponent(mergedClaims)
253
- );
247
+ /**
248
+ * add library info query params
249
+ * @param libraryInfo
250
+ */
251
+ export function addLibraryInfo(
252
+ parameters: Map<string, string>,
253
+ libraryInfo: LibraryInfo
254
+ ): void {
255
+ // Telemetry Info
256
+ parameters.set(AADServerParamKeys.X_CLIENT_SKU, libraryInfo.sku);
257
+ parameters.set(AADServerParamKeys.X_CLIENT_VER, libraryInfo.version);
258
+ if (libraryInfo.os) {
259
+ parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
254
260
  }
255
-
256
- /**
257
- * add correlationId
258
- * @param correlationId
259
- */
260
- addCorrelationId(correlationId: string): void {
261
- this.parameters.set(
262
- AADServerParamKeys.CLIENT_REQUEST_ID,
263
- encodeURIComponent(correlationId)
264
- );
261
+ if (libraryInfo.cpu) {
262
+ parameters.set(AADServerParamKeys.X_CLIENT_CPU, libraryInfo.cpu);
265
263
  }
264
+ }
266
265
 
267
- /**
268
- * add library info query params
269
- * @param libraryInfo
270
- */
271
- addLibraryInfo(libraryInfo: LibraryInfo): void {
272
- // Telemetry Info
273
- this.parameters.set(AADServerParamKeys.X_CLIENT_SKU, libraryInfo.sku);
274
- this.parameters.set(
275
- AADServerParamKeys.X_CLIENT_VER,
276
- libraryInfo.version
277
- );
278
- if (libraryInfo.os) {
279
- this.parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
280
- }
281
- if (libraryInfo.cpu) {
282
- this.parameters.set(
283
- AADServerParamKeys.X_CLIENT_CPU,
284
- libraryInfo.cpu
285
- );
286
- }
266
+ /**
267
+ * Add client telemetry parameters
268
+ * @param appTelemetry
269
+ */
270
+ export function addApplicationTelemetry(
271
+ parameters: Map<string, string>,
272
+ appTelemetry: ApplicationTelemetry
273
+ ): void {
274
+ if (appTelemetry?.appName) {
275
+ parameters.set(AADServerParamKeys.X_APP_NAME, appTelemetry.appName);
287
276
  }
288
277
 
289
- /**
290
- * Add client telemetry parameters
291
- * @param appTelemetry
292
- */
293
- addApplicationTelemetry(appTelemetry: ApplicationTelemetry): void {
294
- if (appTelemetry?.appName) {
295
- this.parameters.set(
296
- AADServerParamKeys.X_APP_NAME,
297
- appTelemetry.appName
298
- );
299
- }
300
-
301
- if (appTelemetry?.appVersion) {
302
- this.parameters.set(
303
- AADServerParamKeys.X_APP_VER,
304
- appTelemetry.appVersion
305
- );
306
- }
278
+ if (appTelemetry?.appVersion) {
279
+ parameters.set(AADServerParamKeys.X_APP_VER, appTelemetry.appVersion);
307
280
  }
281
+ }
308
282
 
309
- /**
310
- * add prompt
311
- * @param prompt
312
- */
313
- addPrompt(prompt: string): void {
314
- RequestValidator.validatePrompt(prompt);
315
- this.parameters.set(
316
- `${AADServerParamKeys.PROMPT}`,
317
- encodeURIComponent(prompt)
318
- );
319
- }
283
+ /**
284
+ * add prompt
285
+ * @param prompt
286
+ */
287
+ export function addPrompt(
288
+ parameters: Map<string, string>,
289
+ prompt: string
290
+ ): void {
291
+ parameters.set(AADServerParamKeys.PROMPT, prompt);
292
+ }
320
293
 
321
- /**
322
- * add state
323
- * @param state
324
- */
325
- addState(state: string): void {
326
- if (state) {
327
- this.parameters.set(
328
- AADServerParamKeys.STATE,
329
- encodeURIComponent(state)
330
- );
331
- }
294
+ /**
295
+ * add state
296
+ * @param state
297
+ */
298
+ export function addState(parameters: Map<string, string>, state: string): void {
299
+ if (state) {
300
+ parameters.set(AADServerParamKeys.STATE, state);
332
301
  }
302
+ }
333
303
 
334
- /**
335
- * add nonce
336
- * @param nonce
337
- */
338
- addNonce(nonce: string): void {
339
- this.parameters.set(
340
- AADServerParamKeys.NONCE,
341
- encodeURIComponent(nonce)
342
- );
343
- }
304
+ /**
305
+ * add nonce
306
+ * @param nonce
307
+ */
308
+ export function addNonce(parameters: Map<string, string>, nonce: string): void {
309
+ parameters.set(AADServerParamKeys.NONCE, nonce);
310
+ }
344
311
 
345
- /**
346
- * add code_challenge and code_challenge_method
347
- * - throw if either of them are not passed
348
- * @param codeChallenge
349
- * @param codeChallengeMethod
350
- */
351
- addCodeChallengeParams(
352
- codeChallenge: string,
353
- codeChallengeMethod: string
354
- ): void {
355
- RequestValidator.validateCodeChallengeParams(
356
- codeChallenge,
312
+ /**
313
+ * add code_challenge and code_challenge_method
314
+ * - throw if either of them are not passed
315
+ * @param codeChallenge
316
+ * @param codeChallengeMethod
317
+ */
318
+ export function addCodeChallengeParams(
319
+ parameters: Map<string, string>,
320
+ codeChallenge?: string,
321
+ codeChallengeMethod?: string
322
+ ): void {
323
+ if (codeChallenge && codeChallengeMethod) {
324
+ parameters.set(AADServerParamKeys.CODE_CHALLENGE, codeChallenge);
325
+ parameters.set(
326
+ AADServerParamKeys.CODE_CHALLENGE_METHOD,
357
327
  codeChallengeMethod
358
328
  );
359
- if (codeChallenge && codeChallengeMethod) {
360
- this.parameters.set(
361
- AADServerParamKeys.CODE_CHALLENGE,
362
- encodeURIComponent(codeChallenge)
363
- );
364
- this.parameters.set(
365
- AADServerParamKeys.CODE_CHALLENGE_METHOD,
366
- encodeURIComponent(codeChallengeMethod)
367
- );
368
- } else {
369
- throw createClientConfigurationError(
370
- ClientConfigurationErrorCodes.pkceParamsMissing
371
- );
372
- }
373
- }
374
-
375
- /**
376
- * add the `authorization_code` passed by the user to exchange for a token
377
- * @param code
378
- */
379
- addAuthorizationCode(code: string): void {
380
- this.parameters.set(AADServerParamKeys.CODE, encodeURIComponent(code));
381
- }
382
-
383
- /**
384
- * add the `authorization_code` passed by the user to exchange for a token
385
- * @param code
386
- */
387
- addDeviceCode(code: string): void {
388
- this.parameters.set(
389
- AADServerParamKeys.DEVICE_CODE,
390
- encodeURIComponent(code)
391
- );
392
- }
393
-
394
- /**
395
- * add the `refreshToken` passed by the user
396
- * @param refreshToken
397
- */
398
- addRefreshToken(refreshToken: string): void {
399
- this.parameters.set(
400
- AADServerParamKeys.REFRESH_TOKEN,
401
- encodeURIComponent(refreshToken)
329
+ } else {
330
+ throw createClientConfigurationError(
331
+ ClientConfigurationErrorCodes.pkceParamsMissing
402
332
  );
403
333
  }
334
+ }
404
335
 
405
- /**
406
- * add the `code_verifier` passed by the user to exchange for a token
407
- * @param codeVerifier
408
- */
409
- addCodeVerifier(codeVerifier: string): void {
410
- this.parameters.set(
411
- AADServerParamKeys.CODE_VERIFIER,
412
- encodeURIComponent(codeVerifier)
413
- );
414
- }
336
+ /**
337
+ * add the `authorization_code` passed by the user to exchange for a token
338
+ * @param code
339
+ */
340
+ export function addAuthorizationCode(
341
+ parameters: Map<string, string>,
342
+ code: string
343
+ ): void {
344
+ parameters.set(AADServerParamKeys.CODE, code);
345
+ }
415
346
 
416
- /**
417
- * add client_secret
418
- * @param clientSecret
419
- */
420
- addClientSecret(clientSecret: string): void {
421
- this.parameters.set(
422
- AADServerParamKeys.CLIENT_SECRET,
423
- encodeURIComponent(clientSecret)
424
- );
425
- }
347
+ /**
348
+ * add the `authorization_code` passed by the user to exchange for a token
349
+ * @param code
350
+ */
351
+ export function addDeviceCode(
352
+ parameters: Map<string, string>,
353
+ code: string
354
+ ): void {
355
+ parameters.set(AADServerParamKeys.DEVICE_CODE, code);
356
+ }
426
357
 
427
- /**
428
- * add clientAssertion for confidential client flows
429
- * @param clientAssertion
430
- */
431
- addClientAssertion(clientAssertion: string): void {
432
- if (clientAssertion) {
433
- this.parameters.set(
434
- AADServerParamKeys.CLIENT_ASSERTION,
435
- encodeURIComponent(clientAssertion)
436
- );
437
- }
438
- }
358
+ /**
359
+ * add the `refreshToken` passed by the user
360
+ * @param refreshToken
361
+ */
362
+ export function addRefreshToken(
363
+ parameters: Map<string, string>,
364
+ refreshToken: string
365
+ ): void {
366
+ parameters.set(AADServerParamKeys.REFRESH_TOKEN, refreshToken);
367
+ }
439
368
 
440
- /**
441
- * add clientAssertionType for confidential client flows
442
- * @param clientAssertionType
443
- */
444
- addClientAssertionType(clientAssertionType: string): void {
445
- if (clientAssertionType) {
446
- this.parameters.set(
447
- AADServerParamKeys.CLIENT_ASSERTION_TYPE,
448
- encodeURIComponent(clientAssertionType)
449
- );
450
- }
451
- }
369
+ /**
370
+ * add the `code_verifier` passed by the user to exchange for a token
371
+ * @param codeVerifier
372
+ */
373
+ export function addCodeVerifier(
374
+ parameters: Map<string, string>,
375
+ codeVerifier: string
376
+ ): void {
377
+ parameters.set(AADServerParamKeys.CODE_VERIFIER, codeVerifier);
378
+ }
452
379
 
453
- /**
454
- * add OBO assertion for confidential client flows
455
- * @param clientAssertion
456
- */
457
- addOboAssertion(oboAssertion: string): void {
458
- this.parameters.set(
459
- AADServerParamKeys.OBO_ASSERTION,
460
- encodeURIComponent(oboAssertion)
461
- );
462
- }
380
+ /**
381
+ * add client_secret
382
+ * @param clientSecret
383
+ */
384
+ export function addClientSecret(
385
+ parameters: Map<string, string>,
386
+ clientSecret: string
387
+ ): void {
388
+ parameters.set(AADServerParamKeys.CLIENT_SECRET, clientSecret);
389
+ }
463
390
 
464
- /**
465
- * add grant type
466
- * @param grantType
467
- */
468
- addRequestTokenUse(tokenUse: string): void {
469
- this.parameters.set(
470
- AADServerParamKeys.REQUESTED_TOKEN_USE,
471
- encodeURIComponent(tokenUse)
472
- );
391
+ /**
392
+ * add clientAssertion for confidential client flows
393
+ * @param clientAssertion
394
+ */
395
+ export function addClientAssertion(
396
+ parameters: Map<string, string>,
397
+ clientAssertion: string
398
+ ): void {
399
+ if (clientAssertion) {
400
+ parameters.set(AADServerParamKeys.CLIENT_ASSERTION, clientAssertion);
473
401
  }
402
+ }
474
403
 
475
- /**
476
- * add grant type
477
- * @param grantType
478
- */
479
- addGrantType(grantType: string): void {
480
- this.parameters.set(
481
- AADServerParamKeys.GRANT_TYPE,
482
- encodeURIComponent(grantType)
404
+ /**
405
+ * add clientAssertionType for confidential client flows
406
+ * @param clientAssertionType
407
+ */
408
+ export function addClientAssertionType(
409
+ parameters: Map<string, string>,
410
+ clientAssertionType: string
411
+ ): void {
412
+ if (clientAssertionType) {
413
+ parameters.set(
414
+ AADServerParamKeys.CLIENT_ASSERTION_TYPE,
415
+ clientAssertionType
483
416
  );
484
417
  }
418
+ }
485
419
 
486
- /**
487
- * add client info
488
- *
489
- */
490
- addClientInfo(): void {
491
- this.parameters.set(CLIENT_INFO, "1");
492
- }
493
-
494
- /**
495
- * add extraQueryParams
496
- * @param eQParams
497
- */
498
- addExtraQueryParameters(eQParams: StringDict): void {
499
- Object.entries(eQParams).forEach(([key, value]) => {
500
- if (!this.parameters.has(key) && value) {
501
- this.parameters.set(key, value);
502
- }
503
- });
504
- }
505
-
506
- addClientCapabilitiesToClaims(
507
- claims?: string,
508
- clientCapabilities?: Array<string>
509
- ): string {
510
- let mergedClaims: object;
511
-
512
- // Parse provided claims into JSON object or initialize empty object
513
- if (!claims) {
514
- mergedClaims = {};
515
- } else {
516
- try {
517
- mergedClaims = JSON.parse(claims);
518
- } catch (e) {
519
- throw createClientConfigurationError(
520
- ClientConfigurationErrorCodes.invalidClaims
521
- );
522
- }
523
- }
420
+ /**
421
+ * add OBO assertion for confidential client flows
422
+ * @param clientAssertion
423
+ */
424
+ export function addOboAssertion(
425
+ parameters: Map<string, string>,
426
+ oboAssertion: string
427
+ ): void {
428
+ parameters.set(AADServerParamKeys.OBO_ASSERTION, oboAssertion);
429
+ }
524
430
 
525
- if (clientCapabilities && clientCapabilities.length > 0) {
526
- if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
527
- // Add access_token key to claims object
528
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
529
- }
431
+ /**
432
+ * add grant type
433
+ * @param grantType
434
+ */
435
+ export function addRequestTokenUse(
436
+ parameters: Map<string, string>,
437
+ tokenUse: string
438
+ ): void {
439
+ parameters.set(AADServerParamKeys.REQUESTED_TOKEN_USE, tokenUse);
440
+ }
530
441
 
531
- // Add xms_cc claim with provided clientCapabilities to access_token key
532
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][
533
- ClaimsRequestKeys.XMS_CC
534
- ] = {
535
- values: clientCapabilities,
536
- };
537
- }
442
+ /**
443
+ * add grant type
444
+ * @param grantType
445
+ */
446
+ export function addGrantType(
447
+ parameters: Map<string, string>,
448
+ grantType: string
449
+ ): void {
450
+ parameters.set(AADServerParamKeys.GRANT_TYPE, grantType);
451
+ }
538
452
 
539
- return JSON.stringify(mergedClaims);
540
- }
453
+ /**
454
+ * add client info
455
+ *
456
+ */
457
+ export function addClientInfo(parameters: Map<string, string>): void {
458
+ parameters.set(CLIENT_INFO, "1");
459
+ }
541
460
 
542
- /**
543
- * adds `username` for Password Grant flow
544
- * @param username
545
- */
546
- addUsername(username: string): void {
547
- this.parameters.set(
548
- PasswordGrantConstants.username,
549
- encodeURIComponent(username)
550
- );
461
+ export function addInstanceAware(parameters: Map<string, string>): void {
462
+ if (!parameters.has(AADServerParamKeys.INSTANCE_AWARE)) {
463
+ parameters.set(AADServerParamKeys.INSTANCE_AWARE, "true");
551
464
  }
465
+ }
552
466
 
553
- /**
554
- * adds `password` for Password Grant flow
555
- * @param password
556
- */
557
- addPassword(password: string): void {
558
- this.parameters.set(
559
- PasswordGrantConstants.password,
560
- encodeURIComponent(password)
561
- );
562
- }
467
+ /**
468
+ * add extraQueryParams
469
+ * @param eQParams
470
+ */
471
+ export function addExtraQueryParameters(
472
+ parameters: Map<string, string>,
473
+ eQParams: StringDict
474
+ ): void {
475
+ Object.entries(eQParams).forEach(([key, value]) => {
476
+ if (!parameters.has(key) && value) {
477
+ parameters.set(key, value);
478
+ }
479
+ });
480
+ }
563
481
 
564
- /**
565
- * add pop_jwk to query params
566
- * @param cnfString
567
- */
568
- addPopToken(cnfString: string): void {
569
- if (cnfString) {
570
- this.parameters.set(
571
- AADServerParamKeys.TOKEN_TYPE,
572
- AuthenticationScheme.POP
573
- );
574
- this.parameters.set(
575
- AADServerParamKeys.REQ_CNF,
576
- encodeURIComponent(cnfString)
482
+ export function addClientCapabilitiesToClaims(
483
+ claims?: string,
484
+ clientCapabilities?: Array<string>
485
+ ): string {
486
+ let mergedClaims: object;
487
+
488
+ // Parse provided claims into JSON object or initialize empty object
489
+ if (!claims) {
490
+ mergedClaims = {};
491
+ } else {
492
+ try {
493
+ mergedClaims = JSON.parse(claims);
494
+ } catch (e) {
495
+ throw createClientConfigurationError(
496
+ ClientConfigurationErrorCodes.invalidClaims
577
497
  );
578
498
  }
579
499
  }
580
500
 
581
- /**
582
- * add SSH JWK and key ID to query params
583
- */
584
- addSshJwk(sshJwkString: string): void {
585
- if (sshJwkString) {
586
- this.parameters.set(
587
- AADServerParamKeys.TOKEN_TYPE,
588
- AuthenticationScheme.SSH
589
- );
590
- this.parameters.set(
591
- AADServerParamKeys.REQ_CNF,
592
- encodeURIComponent(sshJwkString)
593
- );
501
+ if (clientCapabilities && clientCapabilities.length > 0) {
502
+ if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
503
+ // Add access_token key to claims object
504
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
594
505
  }
595
- }
596
506
 
597
- /**
598
- * add server telemetry fields
599
- * @param serverTelemetryManager
600
- */
601
- addServerTelemetry(serverTelemetryManager: ServerTelemetryManager): void {
602
- this.parameters.set(
603
- AADServerParamKeys.X_CLIENT_CURR_TELEM,
604
- serverTelemetryManager.generateCurrentRequestHeaderValue()
605
- );
606
- this.parameters.set(
607
- AADServerParamKeys.X_CLIENT_LAST_TELEM,
608
- serverTelemetryManager.generateLastRequestHeaderValue()
609
- );
507
+ // Add xms_cc claim with provided clientCapabilities to access_token key
508
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
509
+ {
510
+ values: clientCapabilities,
511
+ };
610
512
  }
611
513
 
612
- /**
613
- * Adds parameter that indicates to the server that throttling is supported
614
- */
615
- addThrottling(): void {
616
- this.parameters.set(
617
- AADServerParamKeys.X_MS_LIB_CAPABILITY,
618
- ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
619
- );
620
- }
514
+ return JSON.stringify(mergedClaims);
515
+ }
621
516
 
622
- /**
623
- * Adds logout_hint parameter for "silent" logout which prevent server account picker
624
- */
625
- addLogoutHint(logoutHint: string): void {
626
- this.parameters.set(
627
- AADServerParamKeys.LOGOUT_HINT,
628
- encodeURIComponent(logoutHint)
629
- );
517
+ /**
518
+ * adds `username` for Password Grant flow
519
+ * @param username
520
+ */
521
+ export function addUsername(
522
+ parameters: Map<string, string>,
523
+ username: string
524
+ ): void {
525
+ parameters.set(PasswordGrantConstants.username, username);
526
+ }
527
+
528
+ /**
529
+ * adds `password` for Password Grant flow
530
+ * @param password
531
+ */
532
+ export function addPassword(
533
+ parameters: Map<string, string>,
534
+ password: string
535
+ ): void {
536
+ parameters.set(PasswordGrantConstants.password, password);
537
+ }
538
+
539
+ /**
540
+ * add pop_jwk to query params
541
+ * @param cnfString
542
+ */
543
+ export function addPopToken(
544
+ parameters: Map<string, string>,
545
+ cnfString: string
546
+ ): void {
547
+ if (cnfString) {
548
+ parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.POP);
549
+ parameters.set(AADServerParamKeys.REQ_CNF, cnfString);
630
550
  }
551
+ }
631
552
 
632
- addBrokerParameters(params: {
633
- brokerClientId: string;
634
- brokerRedirectUri: string;
635
- }): void {
636
- const brokerParams: StringDict = {};
637
- brokerParams[AADServerParamKeys.BROKER_CLIENT_ID] =
638
- params.brokerClientId;
639
- brokerParams[AADServerParamKeys.BROKER_REDIRECT_URI] =
640
- params.brokerRedirectUri;
641
-
642
- this.addExtraQueryParameters(brokerParams);
553
+ /**
554
+ * add SSH JWK and key ID to query params
555
+ */
556
+ export function addSshJwk(
557
+ parameters: Map<string, string>,
558
+ sshJwkString: string
559
+ ): void {
560
+ if (sshJwkString) {
561
+ parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.SSH);
562
+ parameters.set(AADServerParamKeys.REQ_CNF, sshJwkString);
643
563
  }
564
+ }
565
+
566
+ /**
567
+ * add server telemetry fields
568
+ * @param serverTelemetryManager
569
+ */
570
+ export function addServerTelemetry(
571
+ parameters: Map<string, string>,
572
+ serverTelemetryManager: ServerTelemetryManager
573
+ ): void {
574
+ parameters.set(
575
+ AADServerParamKeys.X_CLIENT_CURR_TELEM,
576
+ serverTelemetryManager.generateCurrentRequestHeaderValue()
577
+ );
578
+ parameters.set(
579
+ AADServerParamKeys.X_CLIENT_LAST_TELEM,
580
+ serverTelemetryManager.generateLastRequestHeaderValue()
581
+ );
582
+ }
644
583
 
645
- /**
646
- * Utility to create a URL from the params map
647
- */
648
- createQueryString(): string {
649
- const queryParameterArray: Array<string> = new Array<string>();
584
+ /**
585
+ * Adds parameter that indicates to the server that throttling is supported
586
+ */
587
+ export function addThrottling(parameters: Map<string, string>): void {
588
+ parameters.set(
589
+ AADServerParamKeys.X_MS_LIB_CAPABILITY,
590
+ ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
591
+ );
592
+ }
650
593
 
651
- this.parameters.forEach((value, key) => {
652
- queryParameterArray.push(`${key}=${value}`);
653
- });
594
+ /**
595
+ * Adds logout_hint parameter for "silent" logout which prevent server account picker
596
+ */
597
+ export function addLogoutHint(
598
+ parameters: Map<string, string>,
599
+ logoutHint: string
600
+ ): void {
601
+ parameters.set(AADServerParamKeys.LOGOUT_HINT, logoutHint);
602
+ }
654
603
 
655
- instrumentBrokerParams(
656
- this.parameters,
657
- this.correlationId,
658
- this.performanceClient
604
+ export function addBrokerParameters(
605
+ parameters: Map<string, string>,
606
+ brokerClientId: string,
607
+ brokerRedirectUri: string
608
+ ): void {
609
+ if (!parameters.has(AADServerParamKeys.BROKER_CLIENT_ID)) {
610
+ parameters.set(AADServerParamKeys.BROKER_CLIENT_ID, brokerClientId);
611
+ }
612
+ if (!parameters.has(AADServerParamKeys.BROKER_REDIRECT_URI)) {
613
+ parameters.set(
614
+ AADServerParamKeys.BROKER_REDIRECT_URI,
615
+ brokerRedirectUri
659
616
  );
660
-
661
- return queryParameterArray.join("&");
662
617
  }
663
618
  }
619
+
620
+ /**
621
+ * Add EAR (Encrypted Authorize Response) request parameters
622
+ * @param parameters
623
+ * @param jwk
624
+ */
625
+ export function addEARParameters(
626
+ parameters: Map<string, string>,
627
+ jwk: string
628
+ ): void {
629
+ parameters.set(AADServerParamKeys.EAR_JWK, encodeURIComponent(jwk));
630
+
631
+ // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
632
+ const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
633
+ parameters.set(AADServerParamKeys.EAR_JWE_CRYPTO, jweCryptoB64Encoded);
634
+ }